Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15768

Tune zookeeper request handler permissions (8x)

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 8.11.1
    • security
    • None

    Description

      See SOLR-11623 for 9.x fixes in this space. This Jira is to apply sane permission default to  /admin/zookeeper?path=/security.json and /api/cluster/zk/data/security.json so users will need "security-read" permission to see that data across the board. Users already need this permission to use the /api/cluster/security/authentication API.

      NOTE that this was not a bug as such, but since these endpoints did not have an attached permission, they would remain unprotected, if the user did not define custom path-based permissions for the handlers, or alternatively applied an "all" permission at the end of the chain. This could be surprising to users, especially if they already included the predefined "zk-read" and "security-read" permissions in their chain, but they did not apply to these handlers.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            janhoy Jan Høydahl
            janhoy Jan Høydahl
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                Slack

                  Issue deployment